Menu
▾
▴
Re: [Unity-idm-discuss] SLO with HTTP Redirect
|
From: Krzysztof B. <kb...@un...> - 2018-12-09 15:05:44
|
Hi Sander, W dniu 06.12.2018 o 15:46, Sander Apweiler pisze: > Hi Krzysztof, > > we are running unity 2.4.2 and if a SP uses SLO with HTTP Redirect we > got an error about missing signature. The SP signs the logout request. > > Is there some additional configuration needed? It is hard to tell, not even knowing which actor shows error. In general I'd say that using HTTP redirect + SAML signatures is very unreliable, in many cases even not supported and typically shouldn't be used. In HTTP redirect world your SAML message is encoded as URL parameter. Those are limited in size and so if the request is signed, the URL might be simply too long (for everything that handles it: starting from browser via HTTP server on Unity ending). Cheers, KB |
